com.amazonaws.services.networkfirewall.model.FirewallPolicy Maven / Gradle / Ivy
Show all versions of aws-java-sdk-networkfirewall Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.networkfirewall.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and
* other settings. You can use one firewall policy for multiple firewalls.
*
*
* This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy
* by calling DescribeFirewallPolicy.
*
*
* @see AWS
* API Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class FirewallPolicy implements Serializable, Cloneable, StructuredPojo {
/**
*
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*
*/
private java.util.List statelessRuleGroupReferences;
/**
*
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*/
private java.util.List statelessDefaultActions;
/**
*
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
* Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If
* you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify
* aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*/
private java.util.List statelessFragmentDefaultActions;
/**
*
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you can use
* it by name in your default actions specifications.
*
*/
private java.util.List statelessCustomActions;
/**
*
* References to the stateful rule groups that are used in the policy. These define the inspection criteria in
* stateful rules.
*
*/
private java.util.List statefulRuleGroupReferences;
/**
*
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is
* optional, and is only valid when using the strict rule order.
*
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*
*/
private java.util.List statefulDefaultActions;
/**
*
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use
* in your policy must have stateful rule options settings that are compatible with these settings.
*
*/
private StatefulEngineOptions statefulEngineOptions;
/**
*
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
*
*/
private String tLSInspectionConfigurationArn;
/**
*
* Contains variables that you can use to override default Suricata settings in your firewall policy.
*
*/
private PolicyVariables policyVariables;
/**
*
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*
*
* @return References to the stateless rule groups that are used in the policy. These define the matching criteria
* in stateless rules.
*/
public java.util.List getStatelessRuleGroupReferences() {
return statelessRuleGroupReferences;
}
/**
*
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*
*
* @param statelessRuleGroupReferences
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*/
public void setStatelessRuleGroupReferences(java.util.Collection statelessRuleGroupReferences) {
if (statelessRuleGroupReferences == null) {
this.statelessRuleGroupReferences = null;
return;
}
this.statelessRuleGroupReferences = new java.util.ArrayList(statelessRuleGroupReferences);
}
/**
*
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatelessRuleGroupReferences(java.util.Collection)} or
* {@link #withStatelessRuleGroupReferences(java.util.Collection)} if you want to override the existing values.
*
*
* @param statelessRuleGroupReferences
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessRuleGroupReferences(StatelessRuleGroupReference... statelessRuleGroupReferences) {
if (this.statelessRuleGroupReferences == null) {
setStatelessRuleGroupReferences(new java.util.ArrayList(statelessRuleGroupReferences.length));
}
for (StatelessRuleGroupReference ele : statelessRuleGroupReferences) {
this.statelessRuleGroupReferences.add(ele);
}
return this;
}
/**
*
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
*
*
* @param statelessRuleGroupReferences
* References to the stateless rule groups that are used in the policy. These define the matching criteria in
* stateless rules.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessRuleGroupReferences(java.util.Collection statelessRuleGroupReferences) {
setStatelessRuleGroupReferences(statelessRuleGroupReferences);
return this;
}
/**
*
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @return The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with
* your standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*/
public java.util.List getStatelessDefaultActions() {
return statelessDefaultActions;
}
/**
*
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @param statelessDefaultActions
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*/
public void setStatelessDefaultActions(java.util.Collection statelessDefaultActions) {
if (statelessDefaultActions == null) {
this.statelessDefaultActions = null;
return;
}
this.statelessDefaultActions = new java.util.ArrayList(statelessDefaultActions);
}
/**
*
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatelessDefaultActions(java.util.Collection)} or
* {@link #withStatelessDefaultActions(java.util.Collection)} if you want to override the existing values.
*
*
* @param statelessDefaultActions
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessDefaultActions(String... statelessDefaultActions) {
if (this.statelessDefaultActions == null) {
setStatelessDefaultActions(new java.util.ArrayList(statelessDefaultActions.length));
}
for (String ele : statelessDefaultActions) {
this.statelessDefaultActions.add(ele);
}
return this;
}
/**
*
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @param statelessDefaultActions
* The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want
* non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessDefaultActions(java.util.Collection statelessDefaultActions) {
setStatelessDefaultActions(statelessDefaultActions);
return this;
}
/**
*
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
* Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If
* you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify
* aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @return The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the
* policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other
* protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection,
* specify aws:forward_to_sfe.
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with
* your standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*/
public java.util.List getStatelessFragmentDefaultActions() {
return statelessFragmentDefaultActions;
}
/**
*
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
* Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If
* you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify
* aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @param statelessFragmentDefaultActions
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the
* policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other
* protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection,
* specify aws:forward_to_sfe.
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*/
public void setStatelessFragmentDefaultActions(java.util.Collection statelessFragmentDefaultActions) {
if (statelessFragmentDefaultActions == null) {
this.statelessFragmentDefaultActions = null;
return;
}
this.statelessFragmentDefaultActions = new java.util.ArrayList(statelessFragmentDefaultActions);
}
/**
*
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
* Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If
* you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify
* aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatelessFragmentDefaultActions(java.util.Collection)} or
* {@link #withStatelessFragmentDefaultActions(java.util.Collection)} if you want to override the existing values.
*
*
* @param statelessFragmentDefaultActions
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the
* policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other
* protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection,
* specify aws:forward_to_sfe.
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessFragmentDefaultActions(String... statelessFragmentDefaultActions) {
if (this.statelessFragmentDefaultActions == null) {
setStatelessFragmentDefaultActions(new java.util.ArrayList(statelessFragmentDefaultActions.length));
}
for (String ele : statelessFragmentDefaultActions) {
this.statelessFragmentDefaultActions.add(ele);
}
return this;
}
/**
*
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
* Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If
* you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify
* aws:forward_to_sfe.
*
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
*
*
* @param statelessFragmentDefaultActions
* The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the
* policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other
* protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection,
* specify aws:forward_to_sfe.
*
* You must specify one of the standard actions: aws:pass, aws:drop, or
* aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your
* standard section choice.
*
*
* For example, you could specify ["aws:pass"] or you could specify
* ["aws:pass", “customActionName”]. For information about compatibility, see the custom action
* descriptions under CustomAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessFragmentDefaultActions(java.util.Collection statelessFragmentDefaultActions) {
setStatelessFragmentDefaultActions(statelessFragmentDefaultActions);
return this;
}
/**
*
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you can use
* it by name in your default actions specifications.
*
*
* @return The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you
* can use it by name in your default actions specifications.
*/
public java.util.List getStatelessCustomActions() {
return statelessCustomActions;
}
/**
*
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you can use
* it by name in your default actions specifications.
*
*
* @param statelessCustomActions
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you
* can use it by name in your default actions specifications.
*/
public void setStatelessCustomActions(java.util.Collection statelessCustomActions) {
if (statelessCustomActions == null) {
this.statelessCustomActions = null;
return;
}
this.statelessCustomActions = new java.util.ArrayList(statelessCustomActions);
}
/**
*
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you can use
* it by name in your default actions specifications.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatelessCustomActions(java.util.Collection)} or
* {@link #withStatelessCustomActions(java.util.Collection)} if you want to override the existing values.
*
*
* @param statelessCustomActions
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you
* can use it by name in your default actions specifications.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessCustomActions(CustomAction... statelessCustomActions) {
if (this.statelessCustomActions == null) {
setStatelessCustomActions(new java.util.ArrayList(statelessCustomActions.length));
}
for (CustomAction ele : statelessCustomActions) {
this.statelessCustomActions.add(ele);
}
return this;
}
/**
*
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you can use
* it by name in your default actions specifications.
*
*
* @param statelessCustomActions
* The custom action definitions that are available for use in the firewall policy's
* StatelessDefaultActions setting. You name each custom action that you define, and then you
* can use it by name in your default actions specifications.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatelessCustomActions(java.util.Collection statelessCustomActions) {
setStatelessCustomActions(statelessCustomActions);
return this;
}
/**
*
* References to the stateful rule groups that are used in the policy. These define the inspection criteria in
* stateful rules.
*
*
* @return References to the stateful rule groups that are used in the policy. These define the inspection criteria
* in stateful rules.
*/
public java.util.List getStatefulRuleGroupReferences() {
return statefulRuleGroupReferences;
}
/**
*
* References to the stateful rule groups that are used in the policy. These define the inspection criteria in
* stateful rules.
*
*
* @param statefulRuleGroupReferences
* References to the stateful rule groups that are used in the policy. These define the inspection criteria
* in stateful rules.
*/
public void setStatefulRuleGroupReferences(java.util.Collection statefulRuleGroupReferences) {
if (statefulRuleGroupReferences == null) {
this.statefulRuleGroupReferences = null;
return;
}
this.statefulRuleGroupReferences = new java.util.ArrayList(statefulRuleGroupReferences);
}
/**
*
* References to the stateful rule groups that are used in the policy. These define the inspection criteria in
* stateful rules.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatefulRuleGroupReferences(java.util.Collection)} or
* {@link #withStatefulRuleGroupReferences(java.util.Collection)} if you want to override the existing values.
*
*
* @param statefulRuleGroupReferences
* References to the stateful rule groups that are used in the policy. These define the inspection criteria
* in stateful rules.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatefulRuleGroupReferences(StatefulRuleGroupReference... statefulRuleGroupReferences) {
if (this.statefulRuleGroupReferences == null) {
setStatefulRuleGroupReferences(new java.util.ArrayList(statefulRuleGroupReferences.length));
}
for (StatefulRuleGroupReference ele : statefulRuleGroupReferences) {
this.statefulRuleGroupReferences.add(ele);
}
return this;
}
/**
*
* References to the stateful rule groups that are used in the policy. These define the inspection criteria in
* stateful rules.
*
*
* @param statefulRuleGroupReferences
* References to the stateful rule groups that are used in the policy. These define the inspection criteria
* in stateful rules.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatefulRuleGroupReferences(java.util.Collection statefulRuleGroupReferences) {
setStatefulRuleGroupReferences(statefulRuleGroupReferences);
return this;
}
/**
*
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is
* optional, and is only valid when using the strict rule order.
*
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*
*
* @return The default actions to take on a packet that doesn't match any stateful rules. The stateful default
* action is optional, and is only valid when using the strict rule order.
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*/
public java.util.List getStatefulDefaultActions() {
return statefulDefaultActions;
}
/**
*
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is
* optional, and is only valid when using the strict rule order.
*
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*
*
* @param statefulDefaultActions
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action
* is optional, and is only valid when using the strict rule order.
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*/
public void setStatefulDefaultActions(java.util.Collection statefulDefaultActions) {
if (statefulDefaultActions == null) {
this.statefulDefaultActions = null;
return;
}
this.statefulDefaultActions = new java.util.ArrayList(statefulDefaultActions);
}
/**
*
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is
* optional, and is only valid when using the strict rule order.
*
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setStatefulDefaultActions(java.util.Collection)} or
* {@link #withStatefulDefaultActions(java.util.Collection)} if you want to override the existing values.
*
*
* @param statefulDefaultActions
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action
* is optional, and is only valid when using the strict rule order.
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatefulDefaultActions(String... statefulDefaultActions) {
if (this.statefulDefaultActions == null) {
setStatefulDefaultActions(new java.util.ArrayList(statefulDefaultActions.length));
}
for (String ele : statefulDefaultActions) {
this.statefulDefaultActions.add(ele);
}
return this;
}
/**
*
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is
* optional, and is only valid when using the strict rule order.
*
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
*
*
* @param statefulDefaultActions
* The default actions to take on a packet that doesn't match any stateful rules. The stateful default action
* is optional, and is only valid when using the strict rule order.
*
* Valid values of the stateful default action:
*
*
* -
*
* aws:drop_strict
*
*
* -
*
* aws:drop_established
*
*
* -
*
* aws:alert_strict
*
*
* -
*
* aws:alert_established
*
*
*
*
* For more information, see Strict evaluation order in the Network Firewall Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatefulDefaultActions(java.util.Collection statefulDefaultActions) {
setStatefulDefaultActions(statefulDefaultActions);
return this;
}
/**
*
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use
* in your policy must have stateful rule options settings that are compatible with these settings.
*
*
* @param statefulEngineOptions
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that
* you use in your policy must have stateful rule options settings that are compatible with these settings.
*/
public void setStatefulEngineOptions(StatefulEngineOptions statefulEngineOptions) {
this.statefulEngineOptions = statefulEngineOptions;
}
/**
*
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use
* in your policy must have stateful rule options settings that are compatible with these settings.
*
*
* @return Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that
* you use in your policy must have stateful rule options settings that are compatible with these settings.
*/
public StatefulEngineOptions getStatefulEngineOptions() {
return this.statefulEngineOptions;
}
/**
*
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use
* in your policy must have stateful rule options settings that are compatible with these settings.
*
*
* @param statefulEngineOptions
* Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that
* you use in your policy must have stateful rule options settings that are compatible with these settings.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withStatefulEngineOptions(StatefulEngineOptions statefulEngineOptions) {
setStatefulEngineOptions(statefulEngineOptions);
return this;
}
/**
*
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
*
*
* @param tLSInspectionConfigurationArn
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
*/
public void setTLSInspectionConfigurationArn(String tLSInspectionConfigurationArn) {
this.tLSInspectionConfigurationArn = tLSInspectionConfigurationArn;
}
/**
*
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
*
*
* @return The Amazon Resource Name (ARN) of the TLS inspection configuration.
*/
public String getTLSInspectionConfigurationArn() {
return this.tLSInspectionConfigurationArn;
}
/**
*
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
*
*
* @param tLSInspectionConfigurationArn
* The Amazon Resource Name (ARN) of the TLS inspection configuration.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withTLSInspectionConfigurationArn(String tLSInspectionConfigurationArn) {
setTLSInspectionConfigurationArn(tLSInspectionConfigurationArn);
return this;
}
/**
*
* Contains variables that you can use to override default Suricata settings in your firewall policy.
*
*
* @param policyVariables
* Contains variables that you can use to override default Suricata settings in your firewall policy.
*/
public void setPolicyVariables(PolicyVariables policyVariables) {
this.policyVariables = policyVariables;
}
/**
*
* Contains variables that you can use to override default Suricata settings in your firewall policy.
*
*
* @return Contains variables that you can use to override default Suricata settings in your firewall policy.
*/
public PolicyVariables getPolicyVariables() {
return this.policyVariables;
}
/**
*
* Contains variables that you can use to override default Suricata settings in your firewall policy.
*
*
* @param policyVariables
* Contains variables that you can use to override default Suricata settings in your firewall policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FirewallPolicy withPolicyVariables(PolicyVariables policyVariables) {
setPolicyVariables(policyVariables);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getStatelessRuleGroupReferences() != null)
sb.append("StatelessRuleGroupReferences: ").append(getStatelessRuleGroupReferences()).append(",");
if (getStatelessDefaultActions() != null)
sb.append("StatelessDefaultActions: ").append(getStatelessDefaultActions()).append(",");
if (getStatelessFragmentDefaultActions() != null)
sb.append("StatelessFragmentDefaultActions: ").append(getStatelessFragmentDefaultActions()).append(",");
if (getStatelessCustomActions() != null)
sb.append("StatelessCustomActions: ").append(getStatelessCustomActions()).append(",");
if (getStatefulRuleGroupReferences() != null)
sb.append("StatefulRuleGroupReferences: ").append(getStatefulRuleGroupReferences()).append(",");
if (getStatefulDefaultActions() != null)
sb.append("StatefulDefaultActions: ").append(getStatefulDefaultActions()).append(",");
if (getStatefulEngineOptions() != null)
sb.append("StatefulEngineOptions: ").append(getStatefulEngineOptions()).append(",");
if (getTLSInspectionConfigurationArn() != null)
sb.append("TLSInspectionConfigurationArn: ").append(getTLSInspectionConfigurationArn()).append(",");
if (getPolicyVariables() != null)
sb.append("PolicyVariables: ").append(getPolicyVariables());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof FirewallPolicy == false)
return false;
FirewallPolicy other = (FirewallPolicy) obj;
if (other.getStatelessRuleGroupReferences() == null ^ this.getStatelessRuleGroupReferences() == null)
return false;
if (other.getStatelessRuleGroupReferences() != null && other.getStatelessRuleGroupReferences().equals(this.getStatelessRuleGroupReferences()) == false)
return false;
if (other.getStatelessDefaultActions() == null ^ this.getStatelessDefaultActions() == null)
return false;
if (other.getStatelessDefaultActions() != null && other.getStatelessDefaultActions().equals(this.getStatelessDefaultActions()) == false)
return false;
if (other.getStatelessFragmentDefaultActions() == null ^ this.getStatelessFragmentDefaultActions() == null)
return false;
if (other.getStatelessFragmentDefaultActions() != null
&& other.getStatelessFragmentDefaultActions().equals(this.getStatelessFragmentDefaultActions()) == false)
return false;
if (other.getStatelessCustomActions() == null ^ this.getStatelessCustomActions() == null)
return false;
if (other.getStatelessCustomActions() != null && other.getStatelessCustomActions().equals(this.getStatelessCustomActions()) == false)
return false;
if (other.getStatefulRuleGroupReferences() == null ^ this.getStatefulRuleGroupReferences() == null)
return false;
if (other.getStatefulRuleGroupReferences() != null && other.getStatefulRuleGroupReferences().equals(this.getStatefulRuleGroupReferences()) == false)
return false;
if (other.getStatefulDefaultActions() == null ^ this.getStatefulDefaultActions() == null)
return false;
if (other.getStatefulDefaultActions() != null && other.getStatefulDefaultActions().equals(this.getStatefulDefaultActions()) == false)
return false;
if (other.getStatefulEngineOptions() == null ^ this.getStatefulEngineOptions() == null)
return false;
if (other.getStatefulEngineOptions() != null && other.getStatefulEngineOptions().equals(this.getStatefulEngineOptions()) == false)
return false;
if (other.getTLSInspectionConfigurationArn() == null ^ this.getTLSInspectionConfigurationArn() == null)
return false;
if (other.getTLSInspectionConfigurationArn() != null
&& other.getTLSInspectionConfigurationArn().equals(this.getTLSInspectionConfigurationArn()) == false)
return false;
if (other.getPolicyVariables() == null ^ this.getPolicyVariables() == null)
return false;
if (other.getPolicyVariables() != null && other.getPolicyVariables().equals(this.getPolicyVariables()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getStatelessRuleGroupReferences() == null) ? 0 : getStatelessRuleGroupReferences().hashCode());
hashCode = prime * hashCode + ((getStatelessDefaultActions() == null) ? 0 : getStatelessDefaultActions().hashCode());
hashCode = prime * hashCode + ((getStatelessFragmentDefaultActions() == null) ? 0 : getStatelessFragmentDefaultActions().hashCode());
hashCode = prime * hashCode + ((getStatelessCustomActions() == null) ? 0 : getStatelessCustomActions().hashCode());
hashCode = prime * hashCode + ((getStatefulRuleGroupReferences() == null) ? 0 : getStatefulRuleGroupReferences().hashCode());
hashCode = prime * hashCode + ((getStatefulDefaultActions() == null) ? 0 : getStatefulDefaultActions().hashCode());
hashCode = prime * hashCode + ((getStatefulEngineOptions() == null) ? 0 : getStatefulEngineOptions().hashCode());
hashCode = prime * hashCode + ((getTLSInspectionConfigurationArn() == null) ? 0 : getTLSInspectionConfigurationArn().hashCode());
hashCode = prime * hashCode + ((getPolicyVariables() == null) ? 0 : getPolicyVariables().hashCode());
return hashCode;
}
@Override
public FirewallPolicy clone() {
try {
return (FirewallPolicy) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.networkfirewall.model.transform.FirewallPolicyMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}